In a recent survey conducted by IDG Connect and FireEye, it was found that the majority of companies in France, Germany and the UK still have work to do in implementing sufficient security measures to meet the new requirements mandated by the Network and Information Security (NIS) Directive and the General Data Protection Regulation (GDPR).
Of the 260 respondents, only 39% of organisations have all of the measures in place for the NIS, and just 20% are completely ready for the GDPR. 6% of organisations have no measures in place for the NIS and 9% have none for the GDPR.
According to the survey, the biggest challenges for organisations meeting these requirements are adding new hardware and software (23%), implementation costs (23%) and complex security policies (18%).
In-house IT departments are widely (62%) expected to be responsible for assessing NIS/GDPR compliance requirements, and formulating appropriate policies and reporting frameworks.
Meeting your NIS and GDPR requirements
Managing your data effectively for compliance with the NIS Directive and the GDPR requires a robust information security management system (ISMS). Information security is a broad approach that addresses the security of information in all forms and covers paper documents, physical security and human error, as well as the handling of digital data.
ISO27001:2013 is the internationally recognised best-practice standard that lays out the requirements of an ISMS and forms the backbone of every intelligent cyber security risk management strategy.
Organisations gearing themselves up to comply with the NIS Directive and the GDPR are increasingly seeking certification to ISO27001 as its comprehensive information security approach can centralise and simplify disjointed compliance efforts. It is often the case that companies will achieve compliance with a host of legislative requirements simply by achieving ISO27001 certification.
The latest version of the Standard, ISO27001:2013, is simple to follow and has been developed with business in mind.
It presents a comprehensive and logical approach to developing, implementing and managing an ISMS, and provides associated guidance for conducting risk assessments and applying the necessary risk treatments.
In addition, ISO27001:2013 has been developed to harmonise with other standards, so auditing against other ISO standards becomes an integrated and smooth process, removing the need for multiple audits.
Tackling your compliance projects
As a global leader in ISO27001 expertise, we have developed ‘all-in’ ISO27001 packaged solutions to help organisations meet their information security compliance requirements.
Each solution is a combination of products and services in a fixed-price, fit-for-use package sure to meet your organisation’s preferences for tackling ISO27001 compliance projects. The four ISO27001 packaged solutions are accessible online and can be deployed by any company anywhere in the world.
The results of the survey from IDG Connect and FireEye are available as an infographic.